System and method for accessing a web server on a device with a dynamic IP-address residing behind a firewall

ABSTRACT

A system and method for providing access to a web server on an electronic device positioned within a firewall. A gateway device including a gateway server is provided outside of the firewall. The gateway device includes an IP address that corresponds to the same DNS extension that is used in the DNS name of the web server. When a client device attempts to contact the web server through the DNS name, the request is transmitted to the gateway server, which in turn communicates with the web server.

FIELD OF THE INVENTION

The present invention relates generally to web servers on mobile electronic devices. More particularly, the present invention relates to the accessing of web servers on mobile electronic devices that are located behind a firewall.

BACKGROUND OF THE INVENTION

Currently, network connectivity for mobile devices such as mobile telephones are provided by an operator. The network connectivity can involve the use of systems, such the general packet radio service (GPRS), that allow information to be sent and received across a mobile telephone network. It may be desirable for a server to be placed on that mobile device, where the server can be accessible by clients running on devices on the Internet.

In such a system, however, there are currently a number of obstacles that must be overcome. In current operator networks, mobile devices are assigned temporary Internet Protocol (IP) addresses. Client devices attempting to access a web server on such a device must therefore be provided with a way of reaching the server that is independent of the IP address that has been assigned to the mobile device. This constitutes a basic problem of addressability in such a system.

Even if a mobile device with a built-in server is assigned a static IP address, however, or if techniques such as dynamic domain name systems (DNS) are used, the server would still be inaccessible. This is due to the fact that operator firewalls typically do not allow connections to be created from a device on the Internet to a mobile device inside the operator's network. Instead, connections must be created from the inside of the operator's network and extend outward to the client device.

Although there have been attempts to address this accessibility issue, each of these proposed solutions possess serious shortcomings. One proposed solution involves port knocking. With port knocking, when certain firewall port numbers are knocked in a “secret” sequence, then one particular port number is opened for a short period of time. This concept is discussed at www.linuxjournal.com/article.php?sid=6811. Another solution involves the use of a firewall control protocol (FCP), which can enable a third, trusted party to dynamically control the firewall (i.e., which ports are opened, the period of time the ports are opened, which clients are permitted to have the ports opened, etc.) FCP is discussed at www.iptel.org/fcp/ietf-fcp.ppt. For both of these systems, however, there is a requirement that the out-of-network device be given at least some indirect control of the firewall. To satisfy this requirement, operators would need to invest more in their infrastructure and possibly attempt to solve a problem for which there is no correctly existing industry-standard. Moreover, making firewalls dynamically configurable would also result in a need to modify web browsers, which is undesirable.

In addition to the above, even if the mobile device possessing the server and the device from which the server is accessed are in the same operator network, there are still no guarantees that the server could be accessed, even if the client knows the temporary IP address. In particular, typical operators do not currently route packets directly between the mobile devices.

SUMMARY OF THE INVENTION

The present invention addresses the issues discussed above by introducing a gateway that transparently delivers requests from client devices on the Internet to a web server on a mobile device such as a mobile telephone. Similarly, the gateway delivers replies from the mobile web server to the client that initiated the request.

The system and method of the present invention provides for a number of advantages over conventional systems. The present permits access to a web server on mobile devices such as mobile phones in currently-existing operator networks, while not requiring any involvement from the operator of the respective device. Additionally, the present invention allows devices such as mobile telephones to become full members of the Internet, without having to wait for the Mobile IPv6 protocol to become available.

These and other objects, advantages and features of the invention, together with the organization and manner of operation thereof, will become apparent from the following detailed description when taken in conjunction with the accompanying drawings, wherein like elements have like numerals throughout the several drawings described below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an overview diagram of a system according to an embodiment of the present invention;

FIG. 2 is a perspective view of a mobile telephone that can be used in the implementation of the present invention;

FIG. 3 is a schematic representation of the telephone circuitry of the mobile telephone of FIG. 2;

FIG. 4 is a representation of a simplified a mobile device, a client device, and a gateway computer/gateway server according to one embodiment of the present invention;

FIG. 5 is a flow chart showing the implementation of one embodiment of the present invention; and

FIG. 6 is a flow chart showing a process for opening a socket between a client device and a gateway computer in the event that an operator has blocked a particular port to be used.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 shows a system 10 in which the present invention can be utilized, comprising multiple communication devices that can communicate through a network. The system 10 may comprise any combination of wired or wireless networks including, but not limited to, a mobile telephone network, a wireless Local Area Network (LAN), a Bluetooth personal area network, an Ethernet LAN, a token ring LAN, a wide area network, the Internet, etc. The system 10 may include both wired and wireless communication devices.

For exemplification, the system 10 shown in FIG. 1 includes a mobile telephone network 11 and the Internet 28. Connectivity to the Internet 28 may include, but is not limited to, long range wireless connections, short range wireless connections, and various wired connections including, but not limited to, telephone lines, cable lines, power lines, and the like.

The exemplary communication devices of system 10 may include, but are not limited to, a mobile telephone 12, a combination PDA and mobile telephone 14, a PDA 16, an integrated messaging device (IMD) 18, a desktop computer 20, and a notebook computer 22. The communication devices may be stationary or mobile as when carried by an individual who is moving. The communication devices may also be located in a mode of transportation including, but not limited to, an automobile, a truck, a taxi, a bus, a boat, an airplane, a bicycle, a motorcycle, etc. Some or all of the communication devices may send and receive calls and messages and communicate with service providers through a wireless connection 25 to a base station 24. The base station 24 may be connected to a network server 26 that allows communication between the mobile telephone network 11 and the Internet 28. The system 10 may include additional communication devices and communication devices of different types.

The communication devices may communicate using various transmission technologies including, but not limited to, Code Division Multiple Access (CDMA), Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Time Division Multiple Access (TDMA), Frequency Division Multiple Access (FDMA), Transmission Control Protocol/Internet Protocol (TCP/IP), Short Messaging Service (SMS), Multimedia Messaging Service (MMS), e-mail, Instant Messaging Service (IMS), Bluetooth, IEEE 802.11, etc. A communication device may communicate using various media including, but not limited to, radio, infrared, laser, cable connection, and the like.

FIGS. 2 and 3 show one representative mobile telephone 12 according to one embodiment of the invention. It should be understood, however, that the present invention is not intended to be limited to one particular type of mobile telephone 12 or other electronic device. The mobile telephone 12 of FIGS. 2 and 3 includes a housing 30, a display 32 in the form of a liquid crystal display, a keypad 34, a microphone 36, an ear-piece 38, a battery 40, an infrared port 42, an antenna 44, a smart card 46 in the form of a UICC according to one embodiment of the invention, a card reader 48, radio interface circuitry 52, codec circuitry 54, a controller 56 and a memory 58. Individual circuits and elements are all of a type well known in the art, for example in the Nokia range of mobile telephones.

The present invention, depicted in simplified form in FIG. 4, operates in a situation where a mobile device 100, which does not have a fixed IP address, resides behind an operator firewall. The firewall prevents connections from being created from outside of the network to the mobile device 100, instead only permitting connections to be created from the mobile device 100 to outside of the network. The present invention addresses a situation where a web server 110 is to run on the mobile device, and it is desirable for the server 100 to be accessible to at least one client device 120 (both mobile and/or stationary) on the Internet 28.

According to the present invention, the protocol to be used in the communication between client device 120 on the Internet and the web server 110 on the mobile device 100 is such that the request, when sent by the client device 120 to the web server 110, contains information about which electronic device 100 the request is intended for. A gateway computer 130 is also set up somewhere on the Internet, outside of the operator firewall. The gateway computer 130 includes a gateway server 140 that listens on two ports. One port is well-known to client devices 120 on the Internet 28 (the HTTP port), while the port is referred to as a specific port. The client device 120, the mobile device 100 and the gateway computer 130 can all possess circuitry and functionality of the type described in FIG. 3.

The mobile device 100 containing the web server 110 proceeds to open a connection to the specific port of the gateway server 140. Each mobile device 100 is assigned a name and is arranged so that DNS lookups for that name result in the IP address of the gateway computer 130 being returned. The gateway server 140 looks at each request arriving from various client devices 120 to the well-known port and uses the content in order to deduce for which mobile device 100 the request is intended. The gateway server 140 then delivers the request over the connection that was opened by the mobile device 100. The web server 110 on the mobile device 100 will then return a reply over the same connection, and the reply is transmitted to the client device 120. In this process, it appears as if the web server 110 on the mobile device 100 is directly accessible from any client device 120 on the Internet. Thus, the mobile device 100 has become both addressable and accessible.

On implementation of the present invention is generally as follows and is represented in FIG. 5. In this particular implementation, the mobile device 100 comprises a mobile telephone, and the protocol is HTTP. In this implementation, a DNS is configured so that all DNS lookups ending in a particular extension, such as “name.mu”, result in the IP address of the gateway computer. For illustrative purposes only, it is assumed that the IP address is 10.20.30.40. In practice, this means that lookups such as, for instance, alice.name.mu and bob.name.mu result in an IP address of 10.20.30.40.

As discussed earlier, the gateway computer 130 includes a gateway server 140, which listens to the usual HTTP port 80, and, for example to port 2050. On the mobile telephone, the web server 110 is running at step 500, and it listens to the usual HTTP port 80. However, this web server 110 is not accessible by anyone outside of the mobile telephone due to the problems discussed above. Furthermore, another process, referred to herein as the connector, is running, The connector opens a socket to port 2050 at step 505. As part of the opening of that socket, the connector declares the identity of the mobile telephone. As part of this opening sequence, the gateway server 140 learns the name of the mobile telephone. In this example, the mobile telephone is known as “alice.”

In the event that someone on the Internet attempts to browse to alice.name.mu, the following sequence of events occurs. The browser on the client device 120 performs a lookup for alice.name.mu at step 510. This lookup returns 10.20.30.40 as a result at step 515, which is the IP address of the gateway server 140. The browser proceeds to the HTTP port 80 on 10.20.30.40 and to transmit a regular HTTP request at step 520. The HTTP request header includes alice.name.mu in its host field.

From the value of the host field, the gateway sever deduces the recipient for the request at step 525. If the device known as alice has opened a connection to the gateway server 140, then the gateway server 140 sends the request to the mobile telephone over that connection at step 535. If the mobile telephone has not opened a connection to the gateway server, then the gateway server 140 responds with the appropriate error reply at step 530. When the request reaches the connector on the mobile telephone, the connector transmits it to the web server 110 running on the mobile telephone at step 540. When the web server 110 replies, the connector sends the reply back to the gateway server at step 545. The gateway server then proceeds to send it back to the browser that made the initial request at step 550. Therefore, to the individual using the browser, it appears as if the mobile telephone was directly accessible using the url alice.name.mu.

The solution depicted in FIG. 5 relies upon the mobile device 100 being able to open a TCP/IP socket from the mobile device 100 to the gateway server 140. However, an operator could prevent this creation from occurring by blocking the port that is used in the communication between the mobile device 100 and gateway computer 130. FIG. 6 is a flow chart showing a process for addressing this issue according to one embodiment of the present invention. In this process, it is assumed that the operator does not block every potential port, and that port 80 is not blocked by the operator.

As depicted in FIG. 6, the mobile device 100 attempts to open a socket to the gateway server 140 at step 600. If this succeeds, then no additional action is necessary and the process of FIG. 5 proceeds as discussed above. This is represented at step 610. If the attempt fails, this may be due to the fact that the operator has blocked the desired port in its firewall. In response, the mobile device 100 opens an HTTP connection to the gateway computer 130 using the regular web port 80 at step 620. This step is likely to succeed, as it is extremely unlikely that an operator would block this port. At step 630, the mobile device 100 transmits an HTTP request using a particular URL and informs the gateway server 140 that a particular port can no longer be used. At step 640, the gateway server 140 creates another incoming socket using a different port and, in the HTTP reply, informs mobile device 100 of the port number. The process is then repeated until an open port is found, at which time a socket is opened. This system makes it difficult, if not impossible, for an operator to prevent the connectivity solution of the present invention to be implemented unless all ports were blocked, which would render 2G and 3G networks meaningless unless a traffic analysis was performed on every connection.

The present invention is described in the general context of method steps, which may be implemented in one embodiment by a program product including computer-executable instructions, such as program code, executed by computers in networked environments.

Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Computer-executable instructions, associated data structures, and program modules represent examples of program code for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represent examples of corresponding acts for implementing the functions described in such steps.

Software and web implementations of the present invention could be accomplished with standard programming techniques, with rule based logic, and other logic to accomplish the various database searching steps, correlation steps, comparison steps and decision steps. It should also be noted that the words “component” and “module” as used herein, and in the claims, is intended to encompass implementations using one or more lines of software code, and/or hardware implementations, and/or equipment for receiving manual inputs.

The foregoing description of embodiments of the present invention have been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the present invention to the precise form disclosed, and modifications and variations are possible in light of the above teachings or may be acquired from practice of the present invention. The embodiments were chosen and described in order to explain the principles of the present invention and its practical application to enable one skilled in the art to utilize the present invention in various embodiments and with various modifications as are suited to the particular use contemplated. 

1. A method of providing access to a web server on an electronic device residing behind a firewall, comprising: having a gateway server positioned outside of the firewall, the gateway server possessing an IP address corresponding to a predetermined DNS extension, wherein the DNS name of the web server includes the predetermined DNS extension; upon a client device attempting to contact the electronic device using the DNS name, having the gateway server receive the contact attempt and information contained therein; and having the gateway server transmit the information included in the contact attempt to the web server.
 2. The method of claim 1, further comprising: having the gateway server receive response information from the web server; and having the gateway server relay the response information to the client device.
 3. The method of claim 1, further comprising: upon the gateway server receiving the contact attempt and information contained therein, determining whether the web server has an open connection with the gateway server; and if the web server does not have an open connection with the gateway server, transmitting an error reply to the client device.
 4. The method of claim 1, wherein the gateway server and the web server communicate through a specific port separate from a port used by the client device to communicate with the gateway server.
 5. The method of claim 1, further comprising, before having the gateway server transmit the information included in the contact attempt to the web server: having the electronic device attempt to open a socket with the gateway server using a web port, if the electronic device cannot open the socket, having the electronic device open an HTTP connection to the gateway server, transmitting a HTTP request using a particular URL to the gateway server from the electronic device; having the gateway server create an additional incoming socket using an additional port; informing the electronic device of the number of the additional port; having the electronic device attempt to open a socket with the gateway server using the additional port; and continuing to have the electronic device attempt to open a socket with the gateway server using additional ports until successful.
 6. A system for providing access to a web server through a firewall, comprising: an electronic device located behind the firewall and including the web server, the web server having a DNS with a predetermined DNS extension; and a gateway device outside of the firewall and including a gateway server, the gateway server having an IP address corresponding to the DNS extension, wherein, when a client device attempts to contact the electronic device using the DNS name, the gateway server receives the contact attempt and information contained therein, the gateway server transmitting the information included in the contact attempt to the web server.
 7. The system of claim 6, wherein the gateway server receive response information from the web server and relays the response information to the client device.
 8. The system of claim 6, wherein the gateway server and the web server communicate through a specific port separate from a port used by the client device to communicate with the gateway server.
 9. The system of claim 6, wherein when the gateway server receives the contact attempt and information contained therein, the gateway server determines whether the web server has an open connection with the gateway server and transmits an error reply to the client device is there is no open connection.
 10. A computer program product for providing access to a web server through a firewall, comprising: computer code for providing a gateway server on a gateway device, the gateway server having an IP address corresponding to a DNS extension; computer code for receiving a contact attempt from a client device for an electronic device behind the firewall, the electronic device having a DNS name including the DNS extension; and computer code for transmitting the information included in the contact attempt to the web server on the electronic device.
 11. The computer program product of claim 10, further comprising: computer code for receiving response information from the web server; and computer code for relaying the response information to the client device.
 12. The computer program product of claim 10, further comprising: computer code for, after receiving the contact attempt and information contained therein, determining whether the web server has an open connection with the gateway server; and computer code for, if the web server does not have an open connection with the gateway server, transmitting an error reply to the client device.
 13. The computer program product of claim 10, wherein the gateway server and the web server communicate through a specific port separate from a port used by the client device to communicate with the gateway server.
 14. A gateway device for providing communication through a firewall to a web server, comprising: a processor; and a memory unit operatively connected to the processor, the memory unit including: computer code for providing a gateway server on the gateway device, the gateway server having an IP address corresponding to a DNS extension; computer code for receiving a contact attempt from a client device for a mobile electronic device behind the firewall, the mobile electronic device having a DNS name including the DNS extension; and computer code for transmitting information included in the contact attempt to the web server on the electronic device.
 15. The gateway device of claim 14, wherein the memory unit further comprises: computer code for receiving response information from the web server; and computer code for relaying the response information to the client device.
 16. The gateway device of claim 14, wherein the memory unit further comprises: computer code for, after receiving the contact attempt and information contained therein, determining whether the web server has an open connection with the gateway server; and computer code for, if the web server does not have an open connection with the gateway server, transmitting an error reply to the client device.
 17. The gateway device of claim 14, wherein the gateway server and the web server communicate through a specific port separate from a port used by the client device to communicate with the gateway server.
 18. An electronic device, comprising: a processor; and a memory unit operatively connected to the processor and including: computer code for providing a web server on the electronic device; computer code for designating the electronic device with a DNS name having a predetermined DNS extension, the DNS extension corresponding to an IP address for a gateway server outside of a firewall within which the electronic device is located; computer code for receiving a information included in a contact attempt from a client device outside of the firewall, the information being transmitted through the gateway server to the web server.
 19. The electronic device of claim 18, wherein the memory unit further comprises computer code for transmitting response information to the gateway server, the gateway server relaying the response information to the client device.
 20. The electronic device of claim 18, wherein the gateway server and the web server communicate through a specific port separate from a port used by the client device to communicate with the gateway server.
 21. A computer program product for enabling communication with a client device outside of a firewall, comprising: computer code for providing a web server on a electronic device; computer code for designating the electronic device with a DNS name having a predetermined DNS extension, the DNS extension corresponding to an IP address for a gateway server outside of a firewall within which the electronic device is located; computer code for receiving a information included in a contact attempt from a client device outside of the firewall, the information being transmitted through the gateway server to the web server.
 22. The computer program product of claim 21, further comprising: computer code for attempting to open a socket with the gateway server from the electronic device using a web port; computer code for, if the electronic device cannot open the socket: opening an HTTP connection to the gateway server from the electronic device, transmitting an HTTP request using a particular URL to the gateway server from the electronic device; and upon receiving a number for an additional port from the gateway server in response to the HTTP request, attempting to open a socket with the gateway server from the electronic device using the additional port; and computer code for continuing to attempt to open a socket with the gateway server from the electronic device using additional ports until successful. 